目錄
1.代碼結構
參照這個模式,core做成普通的maven jar,而browser和app做成spring boot 的starter ,做成了starter後starter 所依賴的jar包將被全部引入新的demo項目。
基礎包是這樣的一個結構:
父pom依賴:
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>org.lilly</groupId>
<artifactId>lilly-starter-parent</artifactId>
<version>1.0-SNAPSHOT</version>
<packaging>pom</packaging>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.1.6.RELEASE</version>
</parent>
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
<lilly.project.version>1.0-SNAPSHOT</lilly.project.version>
<java.version>1.8</java.version>
<spring-cloud.version>Greenwich.SR2</spring-cloud.version>
<maven.plugin.version>3.5.2</maven.plugin.version>
<gmavenplus.plugin.version>1.5</gmavenplus.plugin.version>
<maven.surefire.plugin.version>2.22.0</maven.surefire.plugin.version>
</properties>
<modules>
<module>lilly-starter-core</module>
<module>lilly-starter-browser</module>
<module>lilly-starter-app</module>
</modules>
<dependencyManagement>
<dependencies>
<!--統一控制Spring maven 依賴的版本 Spring io會指定版本,保證引入的包版本是兼容的-->
<dependency>
<groupId>io.spring.platform</groupId>
<artifactId>platform-bom</artifactId>
<version>Athens-SR2</version>
<type>pom</type>
<scope>import</scope>
</dependency>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-dependencies</artifactId>
<version>${spring-cloud.version}</version>
<type>pom</type>
<scope>import</scope>
</dependency>
</dependencies>
</dependencyManagement>
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<version>2.3.2</version>
<configuration>
<source>1.8</source>
<target>1.8</target>
<encoding>UTF-8</encoding>
</configuration>
</plugin>
</plugins>
</build>
</project>
core依賴:引入了oauth ,redis, jdbc, spring social
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<parent>
<artifactId>lilly-starter-parent</artifactId>
<groupId>org.lilly</groupId>
<version>1.0-SNAPSHOT</version>
</parent>
<modelVersion>4.0.0</modelVersion>
<artifactId>lilly-starter-core</artifactId>
<packaging>jar</packaging>
<dependencies>
<!--core依賴-->
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-oauth2</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-data-redis</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-jdbc</artifactId>
</dependency>
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
</dependency>
<!--spring-social 用於第三方授權認證-->
<dependency>
<groupId>org.springframework.social</groupId>
<artifactId>spring-social-config</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.social</groupId>
<artifactId>spring-social-core</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.social</groupId>
<artifactId>spring-social-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.social</groupId>
<artifactId>spring-social-web</artifactId>
</dependency>
<!--工具包-->
<dependency>
<groupId>commons-lang</groupId>
<artifactId>commons-lang</artifactId>
</dependency>
<dependency>
<groupId>commons-collections</groupId>
<artifactId>commons-collections</artifactId>
</dependency>
<dependency>
<groupId>commons-beanutils</groupId>
<artifactId>commons-beanutils</artifactId>
</dependency>
<!--spring默認使用yml中的配置,但有時候要用傳統的xml或properties配置,就需要使用spring-boot-configuration-processor了-->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-configuration-processor</artifactId>
</dependency>
</dependencies>
<build>
<finalName>lilly-starter-core</finalName>
</build>
</project>
瀏覽器starter: 引入了core,session,然後做成starter包需要的依賴
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<parent>
<artifactId>lilly-starter-parent</artifactId>
<groupId>org.lilly</groupId>
<version>1.0-SNAPSHOT</version>
</parent>
<modelVersion>4.0.0</modelVersion>
<artifactId>lilly-starter-browser</artifactId>
<packaging>jar</packaging>
<dependencies>
<dependency>
<groupId>org.lilly</groupId>
<artifactId>lilly-starter-core</artifactId>
<version>${lilly.project.version}</version>
</dependency>
<!--瀏覽器依賴比app項目還多一個集羣的session管理-->
<dependency>
<groupId>org.springframework.session</groupId>
<artifactId>spring-session</artifactId>
</dependency>
<!-- https://mvnrepository.com/artifact/org.springframework.boot/spring-boot-starter -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-configuration-processor</artifactId>
<optional>true</optional>
</dependency>
<!-- https://mvnrepository.com/artifact/org.springframework.boot/spring-boot-autoconfigure -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-autoconfigure</artifactId>
<version>2.1.8.RELEASE</version>
</dependency>
</dependencies>
</project>
然後加上META-INF,和自動配的類,那麼stater包就做好了
自定配置類暫時是空的。
在我們的demo項目中引入瀏覽器的starer就可以了,引入starter包他會把該starter包所以來的包都給引入進去
因爲引入了jdbc的starter和session的管理,所以先要配置數據庫連接和關掉session配置
spring:
application:
name: hzero-iam
datasource:
url: ${SPRING_DATASOURCE_URL:jdbc:mysql://localhost:3306/hzero_platform?useUnicode=true&characterEncoding=utf-8&useSSL=false}
username: ${SPRING_DATASOURCE_USERNAME:root}
password: ${SPRING_DATASOURCE_PASSWORD:133309}
driver-class-name: com.mysql.jdbc.Driver
session:
store-type: none
啓動還是報錯:NoClassDefFoundError: org/springframework/session/security/web/authentication/SpringSessionRememberM
Spring Session的包太陳舊了,所以跟新了一下包版本
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.1.6.RELEASE</version>
</parent>
<groupId>com.wx</groupId>
<artifactId>lilly-demo</artifactId>
<version>0.0.1-SNAPSHOT</version>
<name>lilly-demo</name>
<description>Demo project for Spring Boot</description>
<properties>
<java.version>1.8</java.version>
<lilly.project.version>1.0-SNAPSHOT</lilly.project.version>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter</artifactId>
</dependency>
<!-- https://mvnrepository.com/artifact/org.springframework.boot/spring-boot-starter-web -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.lilly</groupId>
<artifactId>lilly-starter-browser</artifactId>
<version>1.0-SNAPSHOT</version>
<exclusions>
<exclusion>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
</exclusion>
<exclusion>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-data-redis</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
<version>5.1.47</version>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
</plugins>
</build>
</project>
正常啓動,訪問接口會彈出登錄頁面
默認的用戶名爲user,默認的密碼在日誌裏面
現在我們想關掉Security的認證,該如何做呢?
通過yml配置的方式已經過時不可用了,配置多有路徑不攔截驗證。
2.自定義登錄
- 用戶的信息獲取
把上面關掉的安全設置打開,用戶的信息我們不能使用默認的,所以需要自己去重寫獲取用戶的信息的接口,當重寫了這個自己的認證邏輯後,日誌裏面的默認的登錄密碼就不在打印
還需要注入一個加密的Bean,不然會報There is no PasswordEncoder mapped for the id "null"
此時我們就可以使用admin admin來登錄並且能成功了。
2.處理用戶的校驗邏輯
實現這個接口的邏輯就可以處理用戶的校驗
3.密碼的加密
現在密碼都是默認加密,所以不用處理這一步
3.個性化認證流程
1.自定義登錄頁面
頁面:
<!DOCTYPE HTML>
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:th="http://www.thymeleaf.org" >
<body>
<h1>This is My Login Page</h1>
<form th:action="@{/login}" method="post">
<p th:if="${error != null}">
<span>
<font>Invalid username and password.</font>
</span>
</p>
<p th:if="${logout != null}">
<span>You are logout.</span>
</p>
<p>
<label for="username">Username</label>
<input type="text" id="username" name="username"/>
</p>
<p>
<label for="password">Password</label>
<input type="password" id="password" name="password"/>
</p>
<input type="hidden"
th:name="${_csrf.parameterName}"
th:value="${_csrf.token}"/>
<button type="submit" class="btn">Log in</button>
</form>
</body>
</html>
security配置:
當我們訪問受保護的請求的時候,頁面會請求/login,所以我們要配置這樣一個Controller.可以看到這是一個Get請求
到達登錄頁面後輸入用戶名和密碼,點擊登錄
點擊登錄之後,頁面會向security發起一個login的post請求,
表單登錄會在UsernamePasswordAuthenticationFilter 這個過濾器中來處理,請求的路徑的login,方式是POST,
然後會走到UserDetailsService去驗證我們的用戶名和密碼,驗證通過之後會訪問到我們配置的默認的登錄請求哪裏,這裏是一個post的請求
然後返回首頁面
如果校驗不成功,返回登錄頁面,打印錯誤信息
但是如果我不想讓這個請求去訪問默認的 UsernamePasswordAuthenticationFilter中的路徑/login,那我們需要在配置中多加一行配置,相應的html頁面也需要修改。
參考文檔:https://www.cnblogs.com/mujingyu/p/10701026.html